Nation-State Actor
APT10 (Stone Panda)
China • Active since 2006
APT10 is a Chinese spy hacking group that figured out a clever trick: instead of attacking companies directly, they hack the IT companies that manage those companies' computers. Once inside the IT company, they can access hundreds of clients.
Overview
APT10 is a Chinese state-sponsored threat group that specializes in targeting managed service providers (MSPs) to gain access to their clients. They conduct large-scale intellectual property theft and espionage operations.
Also Known As
Stone Panda, MenuPass, Cicada, POTASSIUM, Red Apollo
Target Industries
MSP/IT Services, Healthcare, Engineering, Defense, Government
Target Regions
Japan, United States, Europe, Global
Tactics, Techniques & Procedures
- MSP/supply chain compromise
- Spear-phishing
- PowerShell abuse
- Credential dumping
- Living off the land
Known Tools & Malware
QUASARRAT, REDLEAVES, CHCHES, ANEL, Sodamaster
Notable Campaigns
Cloud Hopper (2014-2017)
Massive campaign compromising MSPs to access clients in 12+ countries.
Japanese Entity Targeting (2020)
Ongoing operations against Japanese companies and government.
MITRE ATT&CK Techniques
T1199, T1566.001, T1059.001, T1003, T1078
Defense Recommendations
1. Audit MSP access and privileges
2. Implement zero trust for third-party access
3. Monitor for REDLEAVES indicators